File this one away under 'better late than never.' Zendesk, a popular customer support ticketing platform, has only recently discovered evidence of a data breach that dates back to November 2016 by an unnamed party.
To make matters worse, they admitted in a recent blog post that they only discovered the breach when they heard about it by the unnamed third party.
Nonetheless, when the company did discover the breach, they promptly notified their customers and began going through the motions we've come to expect to see when this type of event occurs.
The company reports more than ten thousand user records were accessed. Besides, the hackers made off with email addresses, names, and phone numbers of both agents and end-users.
Compromised passwords gave hackers hashed and salted passwords. Having hashed and salted passwords make it unlikely, but not impossible for them to decrypt and use them. Finally, app configuration settings compromises may have included integration keys used by those apps to authenticate against third-party services.
The company notes no evidence of any passwords misused since the breach.
All in all, then, it's certainly not the worst breach in history. The issue handled by Zendesk (once they were aware of the issue) was average to above-average maintenance. Given the breach went undetected for three years, it doesn't say good things about the company's security and detection strategies. It certainly doesn't instill their users with confidence.
If you're a Zendesk user, it's a good idea to change your password at your next opportunity. Better safe than sorry.
Reach out to us if you have any questions about data breaches.